<li>Variable execution. Although this is somewhat common it's also a trick often used to prevent easy detection of malicious code as pointed out in this <a href="http://ottopress.com/2011/scanning-for-malicious-code-is-pointless/" target="_blank">excellent post</a> by Samuel Wood.</li>

<p><strong>Notice :</strong> Your hosting currently doesn't support the PHP functions <a href="http://php.net/manual/en/function.finfo-file.php" target="_blank">finfo_file</a> or <a href="http://php.net/manual/en/function.mime-content-type.php" target="_blank">mime_content_type</a> which means that image files have been excluded from testing based on their extension. This isn't fullproof but limits the number of false positives for variable execution.</p>